This is an introductory article which gives the background to an interesting problem I've seen recently. Over the next 3 articles, I'll be looking at a solution to the problem and will discuss the following:
- Site definition basics - how to create and deploy
- Site provisioning - how to perform custom processing when sites are created using the definition
- Unique permissions on created sites - how to ensure that certain users are automatically granted access to sites created using the definition, even when the parent site has different users/permissions
What I aim to show is how to deploy a site definition which has custom permissions 'attached' to it. By this I mean that any sites created with this template will acquire a set of custom permissions, without a user/admin having to configure them separately. What we're effectively doing is automatically putting a set of users into SharePoint site groups (at the time of site creation) - assuming the site was called 'HR', these would be:
- HR owners
- HR members
- HR visitors
This can be extremely useful in certain scenarios when users are creating their own sites and workspaces in SharePoint, i.e. collaboration scenarios. One example might be a situation where say, the senior management of your organization (who are all fairly familiar with SharePoint of course ;-)) want to create sites for an important initiative they have. They want to do this on an ad-hoc basis without involving IT, but the sites must be restricted access such that only certain people can use them. Additionally, the requirements might be that some people have full control, but others can only read.
Since these security requirements are probably different to those of the parent site collection, the site must implement 'unique permissions'. This is key - if the site can share (and that's share, not inherit - think about the difference) the permissions of the parent site, then custom permissioning is not required. Otherwise if you are happy to set up the custom permissions manually each time a site is created, that can be done simply too without a solution like mine. SharePoint provides dialog screens for this during the site creation process, if you select 'Use unique permissions' in the Permissions section.
However, when it should happen automatically, you need to perform some custom processing during the site provisioning process, which is what I'm illustrating here. So with the background out of the way, the articles will consist of the following:
Article 1 - Site definition basics
- Process for creating custom site definitions
- How to deploy using a SharePoint Solution package (.wsp)
Article 2 - Custom code in the site provisioning process
- When this is necessary
- How to get your code to run at this time
Article 3 - how to implement unique permissions for sites created with the definition
- Storing permissions data in a secured SharePoint list
- Feature Receiver code to apply the permissions
Article 1 in the series should be published in a couple of days. See you then!